China hacker's angst opens window onto cyber-espionage

Share with others:

Print Email Read Later

BEIJING -- For a 25-year-old computer whiz enlisted in a People's Liberation Army hacking unit, life was all about low pay, drudgery and social isolation.

Nothing at all like the unkempt hackers of popular imagination, the young man wore a military uniform at work in Shanghai. He lived in a dorm where meals often consisted of instant ramen noodles. The workday ran from 8 a.m. to 5:30 p.m., although hackers were often required to work late into the evening.

With no money and little free time, he found solace on the Internet. He shopped, chatted with friends, courted a girlfriend, watched movies and TV shows. He drew inspiration from the Fox series "Prison Break," borrowing its name for his blog.

The blog provides a rare peek into the secretive hacking establishment of the Chinese military, which employs thousands of people in what is believed to be by far the world's largest institutionalized hacking operation.

Concern about computer security has risen sharply in recent weeks. Top U.S. intelligence officials said this week that attacks and espionage now pose a greater potential danger than al-Qaida and other militant organizations. The computers of more than 30 journalists and executives of Western news organizations in China, including The New York Times and The Wall Street Journal, have been hacked.

Mandiant Corp., a U.S. computer security company based in Alexandria, Va., said in a report last month that it had traced an epidemic of attacks on dozens of U.S. and Canadian companies to an office building in Shanghai occupied by an espionage unit of the People's Liberation Army.

Mandiant security chief Richard Bejtlich said posts written by the blogger, who called himself "Rocy Bird," provided the most detailed first-person account to date of life inside the hacking establishment. Although the blog was discontinued four years ago, the techniques described in it remain the same, he said.

The hacker, whose real family name is Wang, posted 625 entries between 2006 and 2009. "Fate has made me feel that I am imprisoned," he wrote in his first entry on "I want to escape."

The Los Angeles Times tracked down Mr. Wang and his blog through an email address listed on a published 2006 paper on hacking. A paper coauthor was Mei Qiang, identified by Mandiant as a key hacker who operated under the alias "Super Hard" in Unit 61398. One of many Chinese military units linked to hacking, Unit 61398, falls under the People's Liberation Army's General Staff 3rd Department, 2nd Bureau, roughly equivalent to the U.S. National Security Agency.

The PLA recruits computer scientists, mathematicians and linguists from China's top universities for its Internet espionage programs. Not unlike in the U.S., students can continue their education for free in return for their enlistment in military service.

Mr. Wang earned his master's in Internet security at age 25 at the Information Engineering University, run by the PLA in Zhengzhou, Henan province. Immediately after graduating in 2006, he was enlisted in a hacking operation in Shanghai.

In the blog, Mr. Wang didn't disclose which unit he worked for but made clear he was wearing a uniform and carrying a military badge. He described his building as far from Shanghai's city center, one of his many complaints.

"I really don't get what those old guys are thinking in the beginning. They should at least take us young people into consideration," he wrote in a 2007 entry. "How can passionate young people like us handle a prison-like environment like this?"

One of his first tasks was to improve on a Trojan virus known as Back Orifice 2000, designed to remotely hijack a computer system to steal information. In July 2007, he boasted that his virus had successfully escaped detection by three leading detection programs made by McAfee, Symantec and Trend Micro, but that it didn't get past a fourth, Kaspersky. He also described another assignment: write a virus that would detect any USB storage device attached to a computer and copy its files.

The virus was a success, and Mr. Wang's boss was pleased. "If we're lucky enough, we might be able to complete this year's target and earn a year-end bonus for everyone," he wrote.

Otherwise, Mr. Wang poured out his unhappiness. Hackers were required to speak English, the international language of technology, as well as essential for phishing attacks on mostly U.S. targets. But when Mr. Wang tried to hone his English skills by reading magazines such as the Economist and Harvard Business Review, his boss rebuked him for reading too much foreign press.

A high school reunion left him feeling discouraged about his paycheck and prospects: "They all have a bright future. Some of them became lawyers; some went into property business or finance; some wrote programs for a commercial software company. Compared with their handsome monthly income, I even felt ashamed to say hello to them."

Mr. Wang never reflected on the pros and cons of hacking for the government but clearly regretted having enlisted. "My only mistake was that I sold myself out to the country for some minor benefits and put myself in this embarrassing situation," he wrote. With family help, he managed to get out in 2008 and halted the blog a year later.

He is believed to be living in Chengdu. He did not return several emails and instant messages requesting comment.

The period Mr. Wang's blog covered coincides with a hacking upsurge Mandiant detected. In a report issued last month, the company said hackers had systematically stolen hundreds of terabytes from 141 organizations, most of them American.

Industries targeted included chemicals, technology, financial services, mining, energy, health care, media and international organizations. The data included blueprints, pricing strategies and emails suspected of being given to Chinese state-owned enterprises for competitive advantage.

The Chinese government has repeatedly denied hacking and said it has been the victim of U.S.-initiated attacks. "Cyberspace needs rules and cooperation, not war. China is willing to have constructive dialogue and cooperation with the global community, including the United States," Foreign Ministry spokeswoman Hua Chunying said Tuesday.



Create a free PG account.
Already have an account?